DNS Article 7 DNS Log System

Use bind, dlz, and MySQL to build intelligent DNS. The DNS data can be put into MySQL.

Yum list all | grep BIND contains an SDB package. You can also put our data in the database.

How can I enable the DNS log function? It is not recommended to enable the log function. If the log function is enabled, the DNS performance will be affected and the performance will be poor.

You only need to add an option in option. Man named. conf

Querylog yes;

Options {

Directory "/var/named ";

Querylog yes;

};

View/var/log/messages to view the log information, which wastes a lot of space.

You can use the catagory log system to help us customize the log detection for those behaviors.

The default log level is info.

By default, the DNS server logs are output in/var/log/messages, but some logs such as startup, restart, and shutdown do not have important DNS log output. For some important logs, we want to see how DNS logs are

Set and define.

Channel: mainly defines the log output mode;

Which sub-statements are included in the statements defining the channel:

The name of the channel, that is, the name of the custom channel, that is, the category.

Output Mode and path;

Rotation of output logs, that is, log 1, log 2, log 3 ...;

Size Limit of output logs;

Output to syslog

Defines the message level: severity critical | err | warning | notice | info | debug | dynamic

Output of the definition category: Print-category yes or no

Output of definition level: Print-severity yes or no

Output of time definition: Print-time yes or no

CATEGORY category: defines the data that needs to be recorded, that is, the log Content output in the log. Which category is used and which channels have been defined?

Category:

Default: no category is configured. use default's category log configuration.

General, many unclassified contents are classified here;

Database, used by named to store and cache internal database information;

Security, accept and reject requests

Config Configuration File Analysis and Processing

Resolver DNA parsing;

Xfer-in: the domain transfer received by the server;

Xfer-out: domain transfer sent by the server.

...

Queries request.

The BIND log system provides two subsystems: Channel and category.

Catagory: A log source (it refers to the log source that generates logs. It is better to say that some are related to queries and some are related to regional transfers .) So catagory allows us to define the log source.

Query

Regional transfer;

You can use catagory to customize log sources;

One catagory can be stored in multiple locations; one channel can only store one catagory.

Catagory:

Channel: defines the location where logs are stored;

Syslog: system logs. Use the concept of log level. /Var/log/messages.

File: custom file for saving log information.

Channel "default_syslog" {Syslog daemon log; security info }"

Channel "default_debug" {file "named. Run"; severity dynamic }"

Channel "default_stderr" {stderr; severity Info ;}

Channel "default_null" {NULL ;}

Catagory:

Logging {

File "log. msgs" version 3 size 10 K; # scroll once it reaches 10 K. Logs can be rolled;

Severity dynamic; # define the log level;

};

Channel my_syslog {

Syslog local0; # define where the local0 information in Syslog is stored;

Severity Info; # define the general information in local0 to a fixed position.

};

CATEGORY xfer-in {my_file;}; # input # Save the incoming log to my_file;

CATEGORY update {my_syslog;}; # update information

};

The following is an example:

Vim/etc/name. conf

Logging {

Channel querylog {

File "/var/log/bind_query.log" versions 5;

Severity dynamic;

Print-category Yes;

Print-time Yes;

Print-severity yes;

};

CATEGORY queries {querylog;}; # The above records are queried logs. If you want to define transfer logs, you can also define them.

};

Add the following parameters.

Note that all permissions for modifying log files are named.

Dnstop: You can view the DNS performance.

Queryperf: Stress Testing

Queryperf-d test-s 172.16.100.1 test the number of tests that can be completed per second;

CAT test

Www.zledu.com.

Mail.zledu.com

Zledu.com. NS

Ns1.zledu.com.

Pop3.zledu.com.

During the test, you can consider using different virtual machines for a test to determine how fast or how slow the test is.

How to Use the dnstop tool.

Dnstop-4-Q-r eth0

Through this command, we can obtain the host address for resolution through the eth0 Nic.

This article from the "sweat achievement dream" blog, please be sure to keep this source http://redhatdragon.blog.51cto.com/9183870/1441401

DNS Article 7 DNS Log System